A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request directly to the ASWebCommon.srf backend endpoint, bypassing the frontend restrictions.
A critical stack-based buffer overflow vulnerability exists in the WebCam Server component of GV-VMS V20 video monitoring software. The vulnerability resides in the `gvapi` endpoint's base64 decoding routine, where a dynamically sized decoded string is copied to a fixed 256-byte stack buffer without bounds checking. An attacker can exploit this by sending an HTTP request with a maliciously crafted Authori [truncated]
An insufficient encryption vulnerability in GeoVision GV-IP Device Utility 9.0.5 allows credential theft via passive network monitoring. The utility broadcasts privileged commands over UDP with username and password encrypted using a Blowfish-derived protocol, but the symmetric encryption key is transmitted in the same packet. An attacker on the same LAN can capture broadcast traffic and decrypt credentia [truncated]
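
The GV-VMS entry above describes decoded base64 data being copied into a fixed 256-byte stack buffer without bounds checking. The following is an added example, not GeoVision's code and not part of the original page: a decoder that computes the decoded length and rejects oversize or malformed input before writing anything. The names `b64_decode_bounded` and `CRED_BUF` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CRED_BUF 256 /* fixed buffer size named in the advisory text */

/* Map one base64 character to its 6-bit value, or -1 if it is not valid. */
static int b64_val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Decode padded base64 `in` into `out` (capacity `cap`, NUL included).
 * Returns the decoded length, or -1 if malformed or too large for `out`. */
long b64_decode_bounded(const char *in, char *out, size_t cap) {
    size_t n = strlen(in), o = 0;
    if (n == 0 || n % 4 != 0) return -1;
    size_t pad = (size_t)(in[n - 1] == '=') + (size_t)(in[n - 2] == '=');
    /* Size check uses the decoded length and runs before any byte is written. */
    if (n / 4 * 3 - pad >= cap) return -1;
    for (size_t i = 0; i < n; i += 4) {
        int last = (i + 4 == n);
        unsigned long v = 0;
        for (int k = 0; k < 4; k++) {
            unsigned char c = (unsigned char)in[i + k];
            int tail = last && k >= 4 - (int)pad; /* '=' allowed only here */
            if ((c == '=') != tail) return -1;
            int d = tail ? 0 : b64_val(c);
            if (d < 0) return -1;
            v = (v << 6) | (unsigned long)d;
        }
        size_t take = last ? 3 - pad : 3;
        for (size_t b = 0; b < take; b++)
            out[o++] = (char)((v >> (16 - 8 * b)) & 0xFF);
    }
    out[o] = '\0';
    return (long)o;
}

int main(void) {
    char buf[CRED_BUF], big[345]; /* constructed inputs, not captured traffic */
    memset(big, 'A', 344); big[344] = '\0'; /* would decode to 258 bytes */
    printf("%ld %ld\n", b64_decode_bounded("dXNlcjpwYXNz", buf, sizeof buf),
           b64_decode_bounded(big, buf, sizeof buf));
    return 0;
}
```

The caller passes `sizeof buf` rather than a separate constant, so the limit follows the buffer if its size ever changes.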